Mirai Botnets and Their Variants Wreak Havoc

When, towards the end of 2016, Dyn, a US-based DNS provider, suffered a massive DDoS attack that briefly took a number of popular online services offline, the Mirai malware became instantly known outside the cybersecurity industry. As expected, other cybercriminals took its code and used it as a base for new malware variants targeting IoT devices.


Successors of Mirai

Here are the four most prominent Mirai variants:

Satori: This Mirai variant appeared in December 2017 and went through many iterations afterwards. It retained the default-credential scanning that Mirai already had, and added two remote code execution exploits to improve its efficiency.

JenX: It has the same configuration table and the same string obfuscation as its predecessor. However, it has neither the scanning function nor the exploitation function, as these were moved to a separate system.

OMG: OMG was another Mirai variant that retained all of Mirai's functions. Its author extended the Mirai code and added a proxy server.

Wicked: Wicked is the latest Mirai variant. It distributes several payloads and carries at least three brand-new exploits, which shows how its authors keep extending its reach.

What is Mirai Botnet?

Mirai is botnet malware that propagates by itself. Its author released the source code publicly after launching a successful and infamous attack on the Krebs website. Since then, the Mirai source code has been reused by several others to launch attacks.

The Mirai botnet code typically targets inadequately protected internet-connected devices. It uses Telnet to find devices that still use their factory-default username and password. Mirai is extremely effective because it can infect many thousands of poorly protected devices and direct them to launch a DDoS attack against a chosen target.
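As an added example (not code from the original post), a small Python detector for the Telnet credential-scanning behaviour described above, run over constructed syslog-style login lines. The log format, the 60-second window and the three-username threshold are assumptions; tune them to your own devices' logs.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like shape (not from any real device).
SAMPLE_LOG = """\
2016-10-21T10:00:01 gw telnetd: login user=admin from=198.51.100.7 port=23 result=failed
2016-10-21T10:00:02 gw telnetd: login user=root from=198.51.100.7 port=23 result=failed
2016-10-21T10:00:02 gw telnetd: login user=support from=198.51.100.7 port=2323 result=failed
2016-10-21T10:00:03 gw telnetd: login user=service from=198.51.100.7 port=23 result=failed
2016-10-21T10:00:04 gw telnetd: login user=admin from=198.51.100.7 port=23 result=success
2016-10-21T10:05:00 gw telnetd: login user=alice from=192.0.2.10 port=23 result=failed
2016-10-21T10:05:09 gw telnetd: login user=alice from=192.0.2.10 port=23 result=success
2016-10-21T12:30:00 gw telnetd: login user=root from=203.0.113.5 port=23 result=failed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ telnetd: login user=(?P<user>\S+) from=(?P<src>\S+) "
    r"port=(?P<port>\d+) result=(?P<result>\w+)$"
)

def parse(log_text):
    """Parse matching lines into dicts; lines in another format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        events.append(d)
    return events

def find_credential_scanners(events, window=timedelta(seconds=60), min_users=3):
    """Flag sources that tried >= min_users distinct usernames within `window`
    (the default-credential sweep a Mirai-style scanner performs). Thresholds are assumptions."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            users = {e["user"] for e in in_window}
            if len(users) >= min_users:
                # "success" tells the responder whether the sweep eventually got in.
                flagged[src] = {"users": sorted(users),
                                "success": any(e["result"] == "success" for e in evs)}
                break
    return flagged
```

A flagged source with `"success": True` means a default credential worked and that device should be treated as compromised, not merely probed.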

How to prevent it?

Change your passwords

Default passwords are a massive security issue in general. This is especially true for the Internet of Things, where a single default password can give an attacker access to many thousands of devices, enough to form a sizeable botnet in no time. Change all default passwords, and implement robust password policies that require passwords to be changed periodically.

Authentication

Authentication ensures that devices are communicating with the genuine parties. Unfortunately, most Telnet implementations do not authenticate at all. Two of the most common protocols that rely on public/private key pairs to validate clients and servers are SSH and SSL.

Encryption

Do not visit websites that are known distributors of malicious software. If you have a complete security suite such as Norton, you will get a warning when you visit malicious websites. Moreover, you can store your passwords in Norton Identity Safe. For more details on Norton, go to www.norton.com/myaccount or norton.com/setup.
